Posted by Jerry Stuckle on 10/23/07 11:13

mabobine wrote:
> if($session->userHasSession($user['id'])) {
> throw new Exception('You can only have One session at a time. Please
> wait for the other session to expire.');
> }
>
>
> public function userHasSession($user_id)
> {
> $this->cleanup();
>
> // Check first, that the User exists on the Database
> $query = 'select * from `users` where id = {user_id}';
> $query_subst = array('user_id' => $user_id);
> $mysqlres = mysqlConn::executeQuery($query, $query_subst);
> if(mysql_num_rows($mysqlres) < 1) {
> mysql_free_result($mysqlres);
>
> // Block remaining operations, because the User is not valid on the
> system
> die("Exception: User requesting the Session is invalid!");
>
> return false;
> }
>
> // Now, check if there is a Session for this User
> $query = 'select * from `' . $this->table . '` where user_id =
> {user_id}';
> $mysqlres = mysqlConn::executeQuery($query, $query_subst);
> if(mysql_num_rows($mysqlres) > 0) {
> mysql_free_result($mysqlres);
> return true;
> } else {
> mysql_free_result($mysqlres);
> return false;
> }
> }
>
> public function killSession()
> {
> if($this->started)
> {
> $query = 'DELETE FROM ' . $this->table . ' WHERE id =
> {session_id}';
> $query_subst = array('session_id' => $this->session_id);
> if(mysqlConn::executeQuery($query, $query_subst))
> {
> setcookie('session_id', '', time() - 259200);
>
> return true;
> }
> }
>
> return false;
> }
>
>
>
>
>
>
>

OK, you're keeping track of sessions in your MySQL database. You need
to clean up the session, even if they just close their browser and never
log off. That means removing the entry from your table, which you
evidently are not doing (it's hard to tell since you only show part of
your code).

The problem is - when to do it? You can do it on a timer (i.e. every 2
hours), for instance. Another way would be to delete the old session
when they log on the new time.

This is a good reason why I don't uses a database to keep track of
sessions. I just use the $_SESSION superglobal.


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

• Next in forum: Re: JERRY STUCKLE = PARANOID, DELUSIONAL, MORON
• Prev in forum: Re: How to get the files names from the folder using PHP ..
• Thread view: Re: Session problem

[Reply to this message]